4-Point Checklist for Your Cloud Service Provider’s SLA
August 30, 2016
Contracting with a cloud service provider is not unlike choosing a daycare for your children. In both cases, you are trusting something immensely valuable to an outsider. Just as you would vet a babysitter or daycare facility, before handing over your stockpile of data to a cloud service you need to check their credentials and ask some diligent questions about how they will feed and care for your data while it’s in their charge.
Any IT professional is familiar with the SLA, or service level agreement, but unless you’ve navigated the realm of cloud service providers, you may not be familiar with exactly what to look for in terms of data storage, processing, or management. Here is a handy checklist to use for vetting a cloud provider’s SLA before you entrust them with your baby.
1. Is the Cloud Environment Auditable?
Auditability is the ability to see relevant metrics about the performance, security, and general health of the cloud environment. While all cloud environments are subject to some form of auditing, most public clouds are audited only by the third-party contractor and are not auditable by the customer (aka, you). Some private cloud service providers do allow customer audits; others do not. If you need this ability due to compliance issues, internal data governance policies, or other reasons, check for it in the SLA or ask the service provider specifically.
2. Can You Use Your Own Tools for Electronic Discovery?
It is critical that you are able to search your cloud environment to locate your electronic data in its original metadata format. This is essential for legal purposes, as well as business reasons. However, you can’t assume that all cloud service providers allow this, particularly in a public cloud environment. If there isn’t a specific mention of this in the SLA, ask the cloud provider before signing a contract.
3. What are Your Guaranteed Service Levels (and Penalties)?
Some cloud service providers offer only standard service levels for all their customers. Others will agree to customized service levels, but the terms in the SLA can be terribly vague. You need to understand exactly what kind of uptime the company promises, as well as what it historically has been able to provide. It’s also critical to know what credits you’ll receive (and how and when) if the service experiences more downtime than promised. Downtime can be incredibly costly, so be sure your credits will compensate you adequately for your losses.
4. Where, Precisely, Will the Data be Stored?
For legal and regulatory reasons, it’s essential to know that your data is being kept in a location that is subject to the laws your business must operate under. For example, data privacy laws in the EU tend to be far more stringent than those in North America. By contrast, there are nations in Asia and Africa where virtually no such laws exist. Make sure your cloud service provider is keeping your data where it is both safe and within regulatory compliance. When in doubt, have your legal advisors look over the SLA or speak to your provider before entering an agreement.
Don’t fret! There are plenty of cloud service providers out there, and you will find what you’re looking for. But taking the extra time to examine your SLA before entering into a contract saves you tons of hassle and heartache in the long run.
Looking for more ways to keep your data safe in the age of the hack attack? Buy the book ‘Easy Prey: How to Protect Your Business From Data Breach, Cybercrime and Employee Fraud’ now to learn how to protect your data from the woes of today.